In the wake of Data Privacy Day, The BBC reveals the why and how behind the IoT hack which earned two teenage cyber criminals overnight fame – The PewDiePie IoT hack.
In an effort to keep YouTube Swedish sensation, Felix Arvid Ulf Kjellberg – better known as PewDiePie, at no.1, two megafans recently hacked hundreds of thousands of IoT devices to share one key message; ‘Subscribe to PewDiePie.’
However, when interviewed by The BBC, hackers now known as “Hacker Giraffe” and “User” insist that their intentions were to warn people about IoT vulnerabilities. “I felt like I was doing good and after this, vulnerable printers were going to drop off,” Says User.
And he wasn’t wrong. Since the PewDiePie IoT hacks, the number of vulnerable printers globally dropped by almost 50%. However, they now warn that copycats may soon be on the prowl for more vulnerable IoT devices to exploit.
The only response to this fundamental and potentially imminent level of risk is an organisation-wide approach to cyber vigilance.
These hacks exploited the existing gaps in software security and affected hundreds of thousands of machines world wide. Emphasising that more remains to be done to prevent potential risks becoming reality.
Printers need to be encrypted as a means to safeguard against the loss of personal data. Encryption is one of the key technologies highlighted within GDPR, so it is imperative that data stored on printers be encrypted to limit the impact of a breach.
In any organisation, there are multiple entry and exit points from which data can flow and your printer is one of these. Whether the data is in the form of e-documents or traditional paper formats, it is important to have a clear knowledge of the risks and an understanding of what data is being held in the printer. Something businesses can do right now, to save yourself a lot of time and stress later, is conduct a thorough audit of all existing data practices, policies and equipment within their organisation.
We previously evaluated all the potential multi-functional printer security weakness areas and compiled a check list of 10 key areas for organisations to secure.
- Capture – scanning and copying documents to uncontrolled destinations can breach data protection guidelines
- Output tray – documents left on the output tray account for the biggest loss of data
- Machine operating system – an unprotected operating system could allow takeover of the machine
- Ports and protocols – open and unused ports and protocols represent a risk that can be exploited
- Management – without regular device scanning, persistent security holes could be exploited
- Network – data can be intercepted across the network link
- Cloud connection – connecting to offsite locations may leave you open to data breach
- Device storage – content stored in devices could be accessed
- The human factor – employees can leave sensitive information on their desk
- Operation panel – an unlocked panel can allow users to tamper with settings
The battle to eliminate IoT cyber threats is entering a new chapter, with new risks and improved technological solutions. There is cause to be optimistic. But organisations must act now to significantly decrease their risk of falling victim.